Showing posts with label Apple. Show all posts

Tuesday, July 29, 2014

How Google Tracks Apple iPhone Users Browsing


By Cesar Ortiz - Google and other advertising companies have been following iPhone and Apple users as they browse the Web, even though Apple’s Safari Web browser is set to block such tracking by default. Safari accepts cookies only from sites that a user visits; these cookies can help the site retain logins or other information. Safari generally blocks cookies that come from elsewhere, but Google, Vibrant, MIG, and PointRoll circumvented Safari cookie blocking, according to tweets by Stanford researcher Jonathan Mayer and his subsequent Wall Street Journal article, and to related research done by the Wall Street Journal staff.

When a user “googles” content related to sites that carry Google-generated advertising and clicks on anything related in the search engine results, a user-tracking sequence starts. As long as the user clicks in the results for any reason, Google detects the clicks using code embedded in its “+1” button in the browser.


In software development terminology, the word container is used to describe any component that can contain other components inside.  Examples of containers include Java applets, frames and windows. Some are visible, others are not. In our scenario it is a frame with an invisible form to be filled out. Google's invisible container is called “iframe” (InLine FRAME).


This iframe structure is very common in the industry and allows content from one web site to be embedded into another. As a general rule, iframes are visible windows or ads. As we have explained before, in Google’s scenario the iframe is created as an invisible container with a “form to be filled out”. The invisible iframe that was received on the user’s computer sent a flag to Google that identified the user as an Apple Safari user on a PC, laptop, iPhone or iPad Touch. This is not usual. When someone wants you to fill out a form, it is sent as a visible form, of course. But this technique tricked Safari.


When Google received the ID flag identifying Safari as the browser, it sent the invisible form to the user’s device. The user did not see the form, let alone fill it out (it was blank anyway), but Google’s code sent the blank invisible form to the Safari browser on the user’s device nevertheless. Once the form was sent, Safari behaved as though the user had filled something out intentionally, and the browser allowed Google to put a cookie on the user’s machine. One cookie, in invisible form, was sent back blank, and the other invisible cookie form had user traffic data capture code (not personal data). The cookies were temporary; the blank one was set to expire in 12 hours, and the other expired in 24 hours. The end result is that users wind up visiting sites that they did not select.
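A defender-side check for the pattern described above, as an added example that is not part of the original post: a static audit that flags invisible third-party iframes in a page, and a form that is submitted by script rather than by the user inside a frame document. The `audit` helper, the example domains and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the user.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?<![-\w])(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)
SUBMIT = re.compile(r"\.submit\s*\(")  # form submitted by script, not by the user

class Audit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.frames = page_host, []
        self.forms, self.scripted_submit, self._in_script = 0, False, False

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "iframe":
            host = urlparse(a.get("src", "")).hostname
            hidden = ("hidden" in a or "0" in (a.get("width"), a.get("height"))
                      or HIDDEN.search(a.get("style", "")))
            # Simplification: exact-host comparison; browsers compare registrable domains.
            if hidden and host and host != self.page_host:
                self.frames.append(host)
        elif tag == "form":
            self.forms += 1
        elif tag == "script":
            self._in_script = True
        elif tag == "body" and SUBMIT.search(a.get("onload", "")):
            self.scripted_submit = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and SUBMIT.search(data):
            self.scripted_submit = True

def audit(html, page_url):
    """Return (hosts of hidden third-party iframes, form submitted by script?)."""
    p = Audit(urlparse(page_url).hostname)
    p.feed(html)
    p.close()
    return p.frames, p.forms > 0 and p.scripted_submit

# Constructed samples (example domains, not taken from the article).
PARENT = '<p>Article</p><iframe src="https://ads.example/f" style="display:none"></iframe>'
FRAME = '<form method="post" action="/f"></form><script>document.forms[0].submit()</script>'
BENIGN = '<iframe src="https://video.example/v" width="640" height="360"></iframe>'
```

Run `audit` once on the embedding page and once on each frame document it loads; a hidden third-party frame whose document submits a form by script is the combination worth reviewing.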


Google’s Rachel Whetstone said the temporary cookie served to create a “temporary communication link between Safari browsers and Google’s servers.” She said “the goal was to ensure that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between a user’s personal information and the web content they browse”. Google said the company tried to design the +1 ad system to protect people’s privacy and did not anticipate that it would enable tracking cookies to be placed on users’ computers.


An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.” An update to Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update.

Wednesday, July 6, 2011

Facebook “Free Apple iTunes $25 Giftcard” Scam Spreading Virally

Thousands of users worldwide are being taken to this scam, whose only purpose is to earn money for the scammers. There is no free lunch anywhere, let alone the “free Apple $25 iTunes Giftcard”. Victims are taken to real surveys that pay scammers money. The scam runs as follows:

Victimized users are posting messages on their walls that read:

“Free $25 Apple iTunes Giftcard
Bonusitunesgiftcard.blogspot.com
Limited time left, get yours now!”

Let’s assume that you are the victim. When you click on the blue “Free $25 Apple iTunes Giftcard” link, you are taken to a webpage with an official Apple “man with the iPod” logo that urges you to follow two more “easy steps”. Remember, you already clicked on one link (step 1). The second step is to click on an official Facebook “Share This” button to get your free card. When you click on step 2, you are presented with a window with an image of the real Apple $25 Giftcard and a blue Facebook “Share this link on your own wall” button. When the button is clicked, the Facebook interface immediately sends the same message you originally received to all your friends, thereby propagating the scam.

The “last” step to “get your card” is step 3. Now you are presented with a window with real Apple logo imagery, so that you may think the “free card” campaign is endorsed by Apple. When you click on the blue “finish by taking a survey” button, you are presented with a professional-looking window that even has a “need help?” option. This window has a locked key image and is titled “Content Locked”. At this point, users should be suspicious: you followed three steps and no Giftcard yet?

Users are then told to select from three “offers”: winning an iPhone, a Mercedes or a Gucci shopping spree. You are then taken to a survey that could be on any subject. No one has ever received anything for taking the survey. What can you expect when you are taken by deception to a survey? As stated above, the surveys are real; therefore the scammer gets money for each survey taken.

To clean up this mess, victims should do the following:

(1)  Go to your Facebook page and select your “News feed” and delete the related post by clicking the blue “Remove Post” button.
(2)  Notify your friends to follow the same steps.